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APPEAL BRIEF (37 C.RR. 41.37) 
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REAL PARTY IN INTEREST 

The real party in interest in this appeal is the following party: Intematjonal Business Machines 
Corporation. 
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RELATED APPEALS AND INTERFERENCES 

With respect to other appeals or interferences that will directly affect, or be directly affected by, or 
have a bearing on the Board's decision in the pending appeal, there are no such appeals or 
interferences. 
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STATUS OF CXAIMS 

A. TOTAL NUMBER OF CLAIMS IN APPLICATION 

Claims in the application are: 1-21 

B. STATUS OF ALL THE CLAIMS IN APPLICATION 

1- Claims canceled: NONE 

2. Claims withdrawn from consideration but not canceled: NONE 

3. Claims pending: 1-21 

4. Claims allowed: NONE 

5. Claims rejected: 1-21 

6. Claims objected to; NONE 

C. CLAIMS ON APPEAL 
Tlie claims on appeal are: 1-21 
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STATUS OF AMENDMENTS 

No amendments were made in the Response to Office Action, dated July 22, 2004 or after the Final 
Office Action dated November 12, 2004. 
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SUMMARY OF CLAIMED SUBJECT MATTER 

A. CLAIM 1 - INDEPENDENT 

The subject matter of claim 1 is directed to a method in a data processing system (100, 200 and 
300) for securing information stored in a browser cache associated with a browser (400, 500, 
600, 700, 800 and 900). A session is initiated and a first web page (422, 510) is requested. The 
requested web page (422, 510) is received (step 1102). The received web page (422, 510) is 
encrypted (steps 1108 and 1112 or step 1110) (see Specification, page 5, lines 14-17 and page 27, 
line 1 9 through page 28, line 12; and Figures 8 and 11). Then, the encrypted web page is cached 
(step 1114). As the user browses network nodes or web pages (422, 510) on a network, the 
browser encrypts the web pages (steps 1110 and 1112) before the web pages are cached (step 
1114) (see SpecificaUon, page 5, lines 19-21 and Figure 11) to secure the information stored in 
the browser cache associated with the browser. 

B. CLAIM 9 - INDEPENDENT 

The subject matter of claim 9 is directed to a method in a data processing system (100, 200 and 
300) for securing information stored in a browser cache. An application is opened using a 
browser (400, 500, 600, 700, 800 and 900). An application specific function is performed on the 
application using the browser producing application specific information. The produced 
application specific information is encrypted (steps 1 1 08 and 1112 or step 1110) (see 
Specification, page 5, lines 14-17 and page 27, line 19 through page 28, line 12; and Figures 8 
and 11). Then, the encrypted ^plication specific information is cached (step II 14) (see 
Specificaiion, page 5, lines 19-21 and Figure 11) to secure the information stored in the browser 
cache associated with the browser. 

C. CLAIM 10 - INDEPENDENT 

The subject matter of claim 10 is directed to a method in a data processing system (100, 200 and 
300) for securing information stored in a browser cache associated with a browser (400, 500, 
600, 700, 800 and 900). A session is initiated and data associated with information content 
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Stoned in the browser cache is decrypted (step 1210). A user requests information that is stored 
in the browser cache. The decrypted data is checked for the requested information (step 1212). 
Additional data contained in the browser cache, which is the information requested by the user 
(step 1202) and stored in the browser cache, is decrypted (steps 1216, 1218 and 1220) (see 
Specification, page 5, lines 21-23 and page 28, line 13 through page 29, line 29; and Figure 12). 

D. CLAIM 1 1 - INDEPENDENT 

The subject matter of claim 1 1 is directed to a data processing system (TOO, 200 and 300) for 
securing infonnation stored in a browser cache associated with a browser (400, 500, 600, 700, 
800 and 900). The data processing system provides a means for initiating a session and a means 
for requesting a first web page (422, 510). The data processing system provides a means for 
receiving the requested web page (422, 510) (step 1102). The data processing system provides a 
means for encrypting the received web page (422, 510) (steps 1108 and 1112 or step 1110) (see 
Specijication, page 5, lines 14-17 and page 27, line 19 through page 28, line 12; and Figures 8 
and 11). Then, the data processing system provides a means for caching the encrypted web page 
(step 1114). 

E, CLAIM 19 - INDEPENDENT 

The subject matter of claim 19 is directed to a data processing system (100, 200 and 300) for 
securing information stored in a browser cache. The data processing system provides a means 
for opening an application using a browser (400, 500, 600, 700, 800 and 900). The data 
processing system provides a means for performing an application specific function on the 
application using the browser producing application specific mfoimation. The data processing 
system provides a means for encrypting the produced application specific information (steps 
1108 and 11 12 or step 1110) (see Specification, page 5, lines 14-17 and page 27, line 19 through 
page 28, line 12; and Figures 8 and 11). Then, the data processing system provides a means for 
caching the encrypted application specific information (step 1114) (see Specification, page 5, 
lines 19-21 and Figure 1 1) to secure the information stored m the browser cache associated with 
the browser. 

(Appeal Brief Page 7 of 31) 
Bta^Hs ct al. - 09/353,974 

PA(S9l33«R(n/DAT4/14l20l)53:57:17PM [Eastern Daylight Tiiiie]*SVR:USPTOffm^ 



04/14/2005 14:57 9723857766 



YEE & ASSOCIATES, PC 



PAGE 10 



F. CLAIM 20 - INDEPENDENT 

The subject matter of claim 20 is directed to a data processing system (100, 200 and 300) for 
securing information stored in a browser cache associated with a browser (400, 500, 600, 700, 
800 and 900). The data processing system provides a means for initiating a session and an means 
for decrypting data associated with iitfonnation content stored in the browser cache (step 1210). 
The data processing system provides a means for requesting information that is stored in the 
browser cache. The data processing system provides a means for checking the decrypted data for 
the requested infomiation (step 1 212). The data processing system provides a means for 
decrypting additional data contained in the browser cache, which is the information requested by 
the user (step 1202) and stored in the browser cache (steps 1216, 1218 and 1220) (see 
Specification, page 5, lines 21-23 and page 28, line 13 through page 29, line 29; and Figure 12). 

G, CLAIM 21 - INDEPENDENT 

The subject matter of claim 21 is directed to a computer program product on a computer readable 
medium (100, 200 and 300) for securing information stored in a browser cache associated with a 
browser (400, 500, 600, 700, 80O and 900). The computer program product provides instructions 
for initiating a session and instructions for requesting a jHrst web page (422, 510). The computer 
program product provides instructions for receiving the requested web page (422, 510) (step 
1102). The computer program product provides instmctions for encrypting the received web 
page (422, 510) (steps 1108 and 1112 or step 1 110) (see Specification, page 5, lines 14-17 and 
page 27, line 19 through page 28, line 12; and Figures 8 and 11). Then, the computer program 
product provides instructions for caching the encrypted web page (step 1114). 

H- CLAIM 2 - DEPENDENT 

The subject matter of claim 2, which depends from claim 1, is directed to a method of encrypting 
the web page comprising coding the web page using a browser supported encryption algorithm 
(see Specification, page 21, line 21 through page 22, line 16 and Figure 8). 
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I* CLAIM 3 - DEPENDENT 

The subject matter of claim 3, which depen ds from claim 1 , is directed to a method of encrypting 
the web page comprising coding the web page using an encryption application not supported by 
the browser (see Specification, page 21, line 21 through page 29, line 16 and Figure 8). 

J. CLAIM 4 - DEPENDENT 

The subject matter of claim 4, wWch depends from claim 1, is directed to a method of encrypting 
the web page comprising selecting a browser supported encryption algorithm for encrypting the 
web page (see Specification, page 21, line 21 through page 22, line 15 and Figure 8). 

K. CLAIM 5 - DEPENDENT 

The subject matter of claim 5, which depends from claim 1, is directed to a method of caching 
the web page further comprising providing a remote cache location (see Specification^ page 23, 
line 8 through page 25, line 2 and Figure 9). 

L. CLAIM 6 - DEPENDENT 

The subject matter of claim 6, which depends from claim 1, is directed to a method for password 
protecting the browser and browser cache from unauthorized users (see Specification, page 26, 
line 18 through page 27 line 6 and Figures 7, 8 and TO). 

M. CLAIM 7 - DEPENDENT 

The subject matter of claim 7, which depends from claim 1, is directed to a method of encrypting 
the web page comprising defining a path for storing the web page that directs the web page to 
memory locations for encrypted data (see Specification, page 23, line 8 through page 24, line 18 
and Figure 9). 

N. CLAIM 8 - DEPENDENT 

The subject matter of claim 8, which depends fit>m claim 1, is directed to a method wherein web 
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page inforcaation that is cached and then paged is paged as encrypted web page infonnation (see 
Specification, page 24, line 19 through page 25, line 2 and Figure 8). 

O, CLAIM 12 - DEPENDENT 

The subject matter of claim 12, which depends from claim 11, is directed to a system for 
encrypting the web page comprising coding the web page using a browser supported encryption 
algorithm (see Specification^ page 21, line 21 through page 22, line ] 6 and Figure 8), 

R CLAIM 13 - DEPENDENT 

The subject matter of claim 13, which depends from claim 1 1, is directed to a system for 
encrypting the web page comprising coding the web page using an encryption application not 
supported by the browser (see Specification, page 21, line 21 through page 22, line 29 and 
Figure 8). 

Q, CLAIM 1 4 - DEPENDENT 

The subject matter of claim 14, which depends from claim 1 1 , is directed to a system for 
encrypting the web page comprising selecting a browser supported encryption algorithm for 
encrypting the web page (see Specification, page 21 , line 21 through page 22, line 16 and 
Figure 8). 

FL CLAIM 15 - DEPENDENT 

The subject matter of claim 15, which depends from claim 1 1, is directed to a system for caching 
the web page further comprising providing a remote cache location (see Specification, page 23, 
line 8 through page 25, line 2 and Figure 9). 

S. CLAIM 1 6 - DEPENDENT 

The subject matter of claim 16, which depends from claim 1 1, is directed to a system for 
password protecting the browser and browser cache from unauthorized users (see Specification, 

(Appeal Brief Page 10 of 31) 
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page 26, line 1 8 through page 27 line 6 and Figures 7, 8 and 10). 
T. CLAIM 17 - DEPENDEP4T 

The subject matter of claim 17, which depends from claim 11, is directed to a system for 
encrypting the web page comprising defining a path for storing the web page that directs tlie web 
page to memory locations for encrypted data (see Specification, page 23, line 8 through page 24, 
line 18 and Figure 9). 

U. CLAIM 18 - DEPENDENT 

The subject matter of claim 18, which depends from claim II , is directed to a system wherein 
web page information that i$ cached and then paged is paged as encrypted web page information 
(see Specification, page 24, line 19 through page 25, line 2 and Figure 8). 
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A. GROUND OF REJECTION 1 (Claims 1-21) 

Claims 1-21 arc finally rejected under 35 U.S.C § 103(a) as being allegedly obvious over Chang 
et al (U,S. Patent Number 6,105,012), in view of Sasich et al (U.S. Patent Number 6,661,904). 
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ARGUMENT 



A. GROUND OF REJECTION 1 (Claims 1-21) 

Claitns 1-21 are rejected under 35 U.S.C. § 103(a) as being allegedly unpatentable over 
Chang et al. (U.S. Patent 6,105,012), hereinafter referred to as Change m view of Sasich et al 
(U-S. Patent 6,661, 904)^ hereinafter referred to as Sasich, This rejection is respectfully traversed. 

A.1- Claims 1, 9-11 and 19-21 

As to independ^t claim 1, the Final Office Action states: 

As per claim 1, Chang teaches the invention substantially as claimed including the 
use of a data processing implemented method comprising: initiating a session, requesting 
a first web page, receiving the web page (coL 4 line 1-20, col 8 lines 15-20, col. 8 lines 
39-45), encrypting the web page (col. 4 lines 20-22, col. 4 lines 61-62, col 8 lines 43-55) 
Chang does not teach the use of securing information stored in a cache. 

Sasich teaches the use of securing information stored in a cache (col. 7, lines 25-30; 
col 7, lines 46-55; coL 13 lines 30-40; coL 14, lines 57-65). 

It would have been obvious to one skilled in the art at the time of the invention to 
combine Chang and Sasich in order to have a secure cache. By having Sasich'$ secure 
cache system, a third party may not access information associated the cache (i.e., personal 
information). 

Final Office Action dated November 12, 2004, pages 2-3. 

Claim 1, which is representative of the other rejected independent claims 1 1 and 21 with 

regard to similarly recited subject matter, reads as follows: 

1 . A data processing implemented method for securing information stored in a 
browser cache associated with a browser, the method comprising: 

initiating a session; 

requesting a first web page; 

receiving the web page; 

encrypting the web page; and 

caching the web page, (emphasis added) 

Claim 9, which is representative of the other rejected independent claim 19 with regard to 

similarly recited subject matter, reads as follows: 

9. A data processing implemented method for securing information stored on a 
browser cache, the method comprising: 

opening an appUcation using a browser; 



(Appeal Brief Page 13 of 31) 
Berstis et al. - 09/353.97A 

PAGE 15/33 ' RCVD AT 4/14/2005 3:57:17 PM [Eastern Daylight fime] * SVR:USPT0-EFXRF-1/6 ' DNIS:8729306 ' CSID:9723857766 'DURATION (inin-ss):0M6 



04/14/2005 14:57 9723857766 YEE & ASSOCIATES, PC PAGE 16 



performing an application specific function on the ^plication using the browser, 
wherein application specific information is produced; 

encrypting the application specific information; and 

caching the application specific information, (emphasis added) 

Claim 1 0, which is representative of the other rejected independent claim 20 with regard 

to similarly recited subject matter, reads as follows: 

10. A data processing implemented method for securing information stored in a 
browser cache associated with a browser , the method comprising: 
initiating a session; 

decrypting data contained in the browser cache, wherein the decrypted data is 
associated with information content stored in the browser cache; 

requesting information stored in the browser cache; 

checking the decrypted data for requested information; and 

decrypting additional data contained in the browser cache, wherein the decrypted 
data is the requested information, (emphasis added) 

Chang and Sasich, taken alone ot in combination, do not teach or suggest securing 
information stored in a browser cache associated with a browser as recited in the steps of 
independent claims 1,9-11 and 19-21. The independent claims of the present invention are 
claimed in the context of "securing information stored in a browser cache associated with a 
browser," Neither reference, Chang nor Sasich^ addresses this issue. Because neither of the cited 
references is directed to die problem addressed by the present invention, their combination would 
not form the invention of claims 1^9-11 and 19-21, particularly in the context of a browser 
cache. 

Chang is directed to a "security system and method for financial institution server and 
cHent web browser" The invention deals with using HTML format to send and receive, between 
a financial institution server and a client computer with a web browser, forms representing 
financial transactions. (&e Abstract, lines 1-10), According to CAan^, these forms are 
encrypted for transit. Though Chang is clearly concerned with security, Chang docs not appear 
to teach or suggest the idea of encrypting the data to be cached for the purpose of keeping the 
data secure within the cache. Chang appears to be concerned with keeping the data secure during 
transmission where it is most vulnerable to interception by a hacker, and does not address 
desimbility of protecting received pages at the browser. 

Sasich is directed to a method and system for automated electronic conveyance of hidden 
data, A transformation of a data object called a personal logo contains personal data for 
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transmitting from a client computer to a server computer. During processing to create a personal 
logo, a user is prompted for personal infoimation. Sasich teaches that tlie personal information 
includes a name, an email address, a physical address, a telephone number, a credit card number, 
a social security number, a mother's maiden name, a personal identification number, a gender, a 
race, a religion, a disability, a sexual preference, a blood type, an allergy, a measure of income, a 
hobby, a name of a publication subscribed to. a job title, an injury, a garment size, a weight, an 
eye color, a fingerprint, a hand geometry, a height, a food preference, a disease, a hair color, a 
genotype, a voice print, a post office box, a shoe size, an occupation, an accreditation, a date of 
birdi, a date of encoding, a place of birth, a time of encoding, a filename, a universal record 
locator, an iris code, a retinal code, a license number, a security clearance level, a language, a 
processor serial number, and an alias. The personal information is deposited in a raw data cache 
for later combination with a unique graphic personal identifier to fonn a data conveyance object. 
The raw data cache itself may be encrypted and stored in an encrypted form. The personal data 
is embedded into transfonnation coefficients derived using one of several encoding techniques to 
hide and make the personal data difficult for an unauthorized party to extract. The personal data 
is extracted from the transformation coefficients by the server computer to complete the 
transaction. Thus, Sasich may teach encrypting a raw data cache of personal information, but 
does not teach or suggest securing infoimation stored in a browser cache associated with a 
browser. Further, Sasich does not teach encrypting information received by a browser and then 
caching the encrypted information in a browser cache. 

The Final Office Action points to Sasich, stating that "Sasich teaches the use of securing 
information stored in a cache...." The Final Office Action refers to the following portions of 
Sasich at col. 7, lines 25-30 and lines 45-55: 

Jn step 108a, the personal data is deposited in a raw data cache which includes groupings 
of user specified personal and privacy data and transaction related protocols. Custom data 
caches maybe fomicd m connection with certain kinds of transactions. 

Each raw data cache will be encoded to operate at a designated level of security 
commoisurate with protection appropriate to the kind of data contained within it and 
required by the anticipated transaction. Raw data cache level 1 may contain basic 
usemames, email address, and ^ropriate base level security. Raw data cache level 4 
may contain credit card numbers and other sensitive personal financial data requiring 
higher designated levels ofsecurity and verification 
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Although the above citations mention encoding the "raw data caches," Sasich does not 
teach this in the context of a browser program, as claimed in claim 1 of the present invention. 
Instead, Sasich is directed to a method of encoding data in an image ("personal logo") for 
transmission. The above passages do not describe general treatment of data in Sasich, but only 
describe one step in the creation of the personal logo, which is then used to transmit the sensitive 
data. For example, Sasich states at col. 3, lines 1-5: 

The present inv«ition makes use of digital graphical bitmaps to establish a visual 
Z!iTrt "'^Z^'^''''' identify and authority. Concsponding data streams ar^ used to 
tr^mrt tine sender's identity, authority, and data associated with the sender across a 



As described in Sasich S detailed description, the caching steps recited by the Final Office 
Action are not in the context of a browser, and are only one step in the creation of the personal 
logo, which is a method of encrypting data for tran.nii«^nn Sasich is not directed to protecting 
cached web pages by encrypting them and caching them, as claimed in claim 1. 

Specifically, the passages recited above by Examiner are in the context of Figure 2 of 
Sasich. At col. 5, lines 46-48, Sasich starts the discussion of the process: 

l^?.: ^ niethodology for creating a «er.^n.t to make use of the pereonal 

ogo eapabdify, tixe user may first install client software on his or her compute? 
tempriasis added) *^ 

Sasich goes on describing the method of HG. 2. Step 108a, from which the Final Office 
Action draws the above cited language, is given in Sasich as part of the logo creation process 
This differs significantly ftom the present invention, which is directed to encrypting and caching 
web pages. In the logo creation process, according to Sasich in FIG. 2, the steps include 
receiving a base image (105); processing it to make the image unique (106); optimizing the 
receive data for enrodin, (108); cacho the d ata noR.v r.^u;„. ... .... 

imageClOP); store the UGPI (1 10); and display the peraonal logo (1 10). 

The underlined steps are intended to highlight the feet that Sasich is not receiving, 
encrypting, and caching a web page as claimed. Instead, the step of caching is recited in fte 
context of creating the per^nal logo, which is used as a means to transmit mformation securely. 
Hence, Appellants respectfully submit that the cited language from col. 7 statiag. "Bach t.w data 
cache W.I1 be encoded to operate at a designated level of security commensurate with protection 
apprepnate to the kind of data contained within it..." does not teach the claimed limitations of, 
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"receiving the web page; encrypting the web page; and caching the web page." 

Hence, it is respectfaUy submitted that the combmation of references does not teach the 
claimed invention. Teaching to encrypt cached da ta fsuch as that recited bv Sasick: name, email 
address, phone number, etc.) for a specific process to c reate a persona] securitv lo^ n Hnpc n/^t 
make obvious all uses of encryp ted A^t« especially that taught in the context of claim 1 . 

Hence, Appellants respectfully submit that the two references, even if properly combined, 
do not teach or suggest the claimed invention. 

Further, the cited references do not mention or suggest the modijfications necessary to 
reach the claimed invention. In order for the two cited references to teach the claimed invention, 
significant modifications to their teaching would be necessary. For example, the encryption of 
cached data of Sasich would have to be modified to apply to a downloaded web page. 
Alternately, the teaching of Chang would have to be modified to include encryption of cached 
web pages, which is not taught nor suggested. The mere fact that the prior art could be modified to 
arrive at the claimed invention does not render the claimed invention obvious; the prior art must 
suggest the desirability of such a modification. InreOchiai, 71 F.3d 1565, 1570, 37U.S.P.Q.2d 
1 127, 1 131 (Fed. Cir. 1996); In re Gordon, 733 F.2d 900. 903, 221 U.S.P.Q. 1 125, 1 127 (Fed. Cir. 
1 984). Merely stating that the modification would have been obvious to one of ordinary skill 
without identifying an incentive or motivation for making the proposed modification is insufficient 
to establish a. prima facie case. 

It is also respectfully submitted that neither Chang nor Sasich specificaUy addresses the 
problem of the present invention, namely, protecting cached data in a user's machine that might 
be accessible to others. For example, the present invention states on page 3, line 29 through page 
4, line 4: 

Even when the cache is physically located on the user's computer, the user cannot 
assume that the contents of the disk cache are safe fix)m outside intrusion, much less 
secure if another user h as access to the user's web browser. Anyone having access to the 
user s web browser cache could conceivable reconstruct a user's web searching activity 
and deduce the subject matter of the search. 

Nothing in Sasich nor Chang addresses this problem. Hence, it is respectfully submitted 
that the combination of Sasich and Chang cannot be properly combined in the way suggested in 
the Final Office Action. Hence, claim 1 is believed distinguished from the cited references. 
Likewise, the other independent claims discuss the imiovations of the present appUcation in the 
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context of a browser, and arc believed distinguished on the grounds applicable to claim I, argued 
above. For these reasons, all independent claims are beUeved distinguished form the cited 
references. 

Since Chang and SM, taken alone or in combination, do not teach or suggest the 
features ofindependent claims 1.9-11 and 19-21, C/iang and ^ewfcA. taken alone or in 
combination, do not teach or suggest the features of dependent claims 2-8 and 12-18 at least by 
virtue of their dependency on claims 1 and 1 1 . Accordingly, AppeUants respectfully request 
withdrawal ofthe rejection of claims 1-21 under 35 U.S.C. § 103(a). 

A.2- Claims 2, 3, 4, 12, 13 and 14 

hi addition to the above, AppeUants respectfiilly submit that claims 2, 3, 4, 12, 13 and 14 
are independently distinguishable from the Chang and Sasich references. Claims 2 arid 12 
depend from claims 1 and U. respectively, and additionally recite that the step of encrypting the 
web page further comprises coding the web page using a browser supported encryption 
algorithm. Claims 3 and 13 depend from claims 1 and 1 1. respectively, and additionally recite 
that the step of encrypting the web page further comprises coding the web page using an 
encryption application not supported by the browser. Claims 4 and 14 depend from claims 1 and 
11. respectively, and additionally recite that the step of encrypting the web page further 
comprises selecting a browser supported encryption algorithm for encrypting the web page. The 
Chang and Sasich references do not teach or suggest these features. 

m the rejection of claims 2, 4, 12 and 14, the Office Action refers to the following 
portions of Chang: 

In certain cases, the HTML forms 1 24a can be transmitted tn fh. w.h w.^.. o ^ 
encrypted fonnat or without any special formatting. The web b rowser T 
143 contaming fom. data to the fin ^cial ...rv^ tn. f,^,,, ^^ulT 

^StZTu ^^f;"^^"^ timestamp, an encrypt^i format contai^ the 
user s digi tal signature and timestamp, or without any special formatting. 

Chang, column 4. lines 8-15. (emphasis added) 

w ^ ^"^^^ embodiment, the FORM tag includes special fields that 

e^^teS^^?^^ "'■'^ fonnatt^(e.g., wheSr or not U is 

"kcTfiSd in 4e t T ""1''^ ^° * ^"^^^d, a special 

key tieldm the FORM tag can be used to specify the server's public key. 
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Chang, column H, lines 20-25. 

If the requested return message format specified encryption (i.e., oufformat^"encrypt"), 
the web browser 216 performs some of the same steps described above. The web browser 
216 randomly generates a session key 254 (step 394). The fonn data is then encrypted 
with the randomly generated session key 254 (step 396). The session key 254 is affixed to 
the encrypted form data and encrypted with the server's public key 142 (step 398). A 
header record 252 is then generated containing a flag 258 having the appropriate value 
("E") and the key length 260 of the enclosed session key. The message is formatted and 
then transmitted to the financial server 102 (step 400). 

Chang, column 12, lines 15-25. 

These portions of Chang only teach that a browser is capable of 1) receiving encrypted 
data and 2) encrypting a message returned to a financial server. Chang does not teach or suggest 
encrypting a web page in the specific manners described in claims 2, 3, 4, ] 2, 13 and 14. 
Therefore, claims 2, 3, 4, 12, 13 and 14 are believed distinguished from the cited references. 

A.3. Claims 5 and IS 

In addition to the above, Appellants respectfully submit that claims 5 and 1 5 are 
independently distinguishable from the Chang and Sasich references. Claims 5 and 15 depend 
from claims 1 and 1 1 , respectively, and additionally recite that the step of caching the web page 
further comprises providing a remote cache location. The Chang and Sasich references do not 
teach or suggest this featiu-e. 

In the rejection of claims 5 and 15, the Office Action refers to the following portion of 

Chang: 

The second new field is the key field (e.g,, kc)^"server's public key") which is used to 
mdicate the server's pubUc key. The sender's public key is used in the encryption process 
associated with the returned user registration message. 

Chang, column 7, lines 14-17. 

This portion of Chang only describes the extensions to the HTML form tag. Chang does 
not teach or suggest caching a web page in the specific manner described in claims 5 and 15, 
namely, by providing a remote cache location. Therefore, claims 5 and 15 are believed 
distinguished from the cited references. 
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A.4. Claims 6 and 16 

In addition to the above. Appellants respectfuljy submit that claims 6 and 16 are 

independently distinguishable fhDm the Chang and Sasich references. Claims 6 and 16 depend 

from claims 1 and 11 , respecti vely, and additionally recite that one of the browser and the 

browser cache is password pmtected from unauthorized usei^. No such teaching is found in 

either reference. In the rejection of claims 6 and 16, the Fmal Office Action cites Sasich at col. 

7, hnes 45-55 and col. 13 lines 30-47, which state: 

Each raw data cache will be encoded to operate at a designated level of security 
commensurate with protection appropriate to the kind of data contained within it and 
required by the anticipated transaction. Raw data cache level 1 may contam basic 
usemames, email address, and appropriate base level security. Raw data cache level 4 
may contain credit card numbers and other sensitive personal financial data requiring 
higher designated levels of security and verification. 

As an alternative to creating a base logo based upon user input, a base logo may be 
provided by a third party such as a web vendor. Whereas a user-selected base logo is 
useful for many generic network transactions, a third party-provided base logo is usefiij 
for encoding information particular to the type of transactions that a user may repeatedly 
have with that third party. For example, a web-based clothing retailer may wish to encode 
a user's clothing sizes, color preference, height, weight, hair color, eye color, shoe size, 
customer number and favorite activities. Such data would be useful for automating 
ordering transactions and for recommending merchandise to that customer. For the case 
of a third party-provided base logo, the logo may be a pictorial representation of a 
vendor's business logo. Such a logo may, after creation, be co-resident on a user's 
computer with other third party logos representing data usefiil to other vendors, clubs, 
special interest groups, employers, unions, banks, utility companies, or other parties with 
which the user has occasional or regular transactions. 

These passages do not teach or suggest the limitations of claims 6 and 16, namely, that a 
browser cache is password protected. Hence, claims 6 and 16 arc believed distinguished from 
the cited references. 



A*5. Claims 7 and 17 

In addition to the above. Appellants respectfully submit that claims 7 and 1 7 are 
independently distinguishable fiiom the Chang and Sasich references. Claims 7 and 17 depend 
from claims 1 and 11, respectively, and additionally recite that the step of encrypting the web 
page further comprises defining a path for storing the web page that directs the web page to 
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memory locations for encrypted data. The Chang and Sasich references do not teach or suggest 
this feature. 

In the rejection of claims 7 and 17, the Office Action refers to the following portions of 

Chang: 

The communications interfece 1 12 is used to communicate with other user 
workstations as well as other system resources not relevant here. 

The primary memory 114 of tlie server computer 102 may be implemented as 
RAM (random access memory) or a combination of RAM and non- volatile memory such 
as magnetic disk storage. The primary memory 1 1 4 of the server computer 102 can 
contain the following: 

an operating system 1 16; 

Intemet access procedures 118; 

Web server procedures 1 20; 

an audit trail 1 22 tracking each financial transaction processed by the financial 
server 102; 

an HTML document repository 1 24; 

an encryption procedure 126 for encrypting and decrypting data; 
Change column 4, lines 48-60. 

The primary memory 208 of the client computer 1 06 may be implemented as 
RAM (random access memory) or a combination of RAM and non-volatile memory such 
as magnetic disk storage. The primary memory 208 of the server computer 102 can 
contain the following: 

an operating system 210; 

network access procedures 212; 

an HTML document repository 214; 

a web browser 216; 

messages 143; 

as well as other data structures and procedures. 
The web browser 216 can contain the following: 

one or more user encryption keys 218 associated with the user's digital signature; 
an encryption procedure 220 for encrypting and decrypting data; 
a random key generation procedure 222 for randomly generating session keys; 
a formatting procedure 224 for configuring a return message in a requested 
manner; 

an initialization procedure 226 that establishes the user's encryption keys 218; 
timestamp procedures 228 that generate a timestamp representing a time and date; 
digital signature procedures 230 that are used to sign a form and verify a user's 
digital signature; 

the user's password 232; 

a browser welcome web page 234; 

a browser's encryption key 240 that is used to encrypt the users encryption keys 

218; 
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one or more session keys 241 for use in encrypting return messages to the server; 
as well a$ other data structures and procedures. 

Change column 5, lines 1 3-45. 

These portions of Chang only describe the system architecture for Chang's invention. 
Chang does not teach or suggest encrypting a web page in the specific manner described in 
claims 7 and 1 7, namely, by defining a path for storing the web page that directs the web page to 
memory locations for encrypted data. Therefore, claims 7 and 17 are believed distinguished from 
the cited references. 



A.6. Claims 8 and 1$ 

In addition to the above. Appellants respectfully submit that claims 8 and 18 are 
independently distinguishable from the Chang and Sasich references. Claims 8 and 18 depend 
from claims 1 and II, respectively, and additionally recite that web page information that is 
cached and then paged is paged as encrypted web page information. The Chang and Sasich 
references do not teach or suggest this feature. 

In the rejection of claims 8 and 18, the Office Action refers to the following portions of 

Sasich: 

Caches can also be distinguished by type of electronic storage technology, for instance 
hard disk, touch memory, floppy disk, etc., and by types of other software devices used 
with the data, particularly those performing security and encryption functions. 

Sasich, column 7, lines 42-46. 

As an alternative to creating a base logo based upon user input, a base logo may 
be provided by a third party such as a web vendor. Whereas a user-selected base logo is 
usefiil for many generic network transactions, a third party-provided base logo is useful 
for encoding information particular to the type of transactions that a user may repeatedly 
have with that third party. For example, a web-based clothing retailer may wish to encode 
a user's clothing sizes, color preference, height, weight, hair color, eye color, shoe size, 
customer number and favorite activities. Such data would be useful for automating 
ordering transactions and for recommending merchandise to that customer. For the case 
of a third party-provided base logo, the logo may be a pictorial representation of a 
vendor's business logo. Such a logo may, after creation, be co-resident on a user's 
computer with other third party logos representing data useful to other vendors, dubs, 
special interest groups, employers, unions, banks, utiHty companies, or other parties with 
which the user has occasional or regular transactions. 
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Sasich, column 13, lines 30-47. 

writing each said coirespoBding transformation coefficients and said reference to said 
corresponding library block to memory. 

Sa^ick, column J 5, lines 25-28. 

These portions of Sasich do not teach or suggest that web page information that is cached 
and then paged is paged as encrypted web page information, as recited in claims 8 and 18. 
Therefore, claims 8 and 18 are believed distinguished from the cited references. 
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CONCLUSION 

In view of tbe above. Appellants respectfully submit that claims 1-21 define over the prior 
ait of record. Appellants therefore respectfully request the Board of Patent Appeals and 
Interferences to overturn the rejection of claims 1-21 under 35 U.S.C, 103(a). 



Respectfully submitted. 



Gerald H. Glanzman^ 
Reg. No. 25,035 
YEE & ASSOOATES, P.* 
PO Box 802333 
Dallas, TX 75380 
(972) 385-8777 
Attorney for Appellants 



GHG/yja 
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CLAIMS APPENDIX 

The text of the claims involved in the appeal are: 

1 . A data processing implemented method for securing information stored in a browser 
cache associated with a browser, the method comprising: 

initiating a session; 
requesting a first web page; 
receiving the web page; 
encrypting the web page; and 
caching the web page. 

2. The method recited in claim 1, wherein the step of encrypting the web page fiirther 
comprises coding the web page using a browser supported encryption algorithm. 

3. The method recited in claim 1, wherein the step of encrypting the web page further 
comprises coding the web page using an encryption application not supported by the browser. 

4. Tlie method recited in claim I , wherein the step of encrypting the web page further 
comprises selecting a browser supported encryption algorithm for encrypting the web page. 

5. The method recited in claim 1, wherein the step of caching the web page further 
comprises providing a remote cache location. 
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6. The method recited in claim 1 , wherein one of the browser and the browser cache is 
password protected from unauthorized usere. 

7. The method recited in claim 1, wherein the step of encrypting the web page further 
comprises defining a path for storing the web page that directs the web page to memory locations 
for encrypted data. 

8. The method recited in claim 1, wherein web page information that is cached and then 
paged is paged as encrypted web page infonnatiori. 

9. A data processing implemented method for securing infonnation stored on a browser 
cache, the method comprising: 

opening an application using a browser; 

performing an application specific function on the application using the browser, wherein 
application specific information is produced; 

encrypting the appHcation specific information; and 
caching the application specific information. 

10. A data processing implemented method for securing information stored in a browser 
cache associated with a browser, the method comprising: 

initiating a session; 

decrypting data contained in the browser cache, wherein the deciypted data is associated 
with information content stored in the browser cache- 
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requesting infonnation stored in the browser cache; 
checking the decrypted data for requested infonnation; and 

decrypting additional data contained in the browser cache, wherein the decrypted data is 
the requested information. 

1 1 - A data processing system for securing iofomiation stored in a browser cache associated 
with a browser, the system comprising: 

initiating means for initiating a session; 

requesting means for requesting a first web page; 

receiving means for receiving the web page; 

encrypting means for encrypting the web page; and 

cachiog means for caching the web page. 

12. The system recited in claim 1 1, wherein the encrypting means for encrypting the web 
page further comprises coding the web page using a browser supported encryption algorithm. 

13. The system recited in claim 1 1, wherein the encrypting means for encrypting the web 
page further comprises coding the web page using an encryption ^plication not supported by the 

browser. 



14. The system recited in claim 1 1 , wherein the encrypting means for enctypting the web 
page further comprises selecting a browser supported encryption algorithm for encrypting the 

web page. 
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15- The system recited in claim 1 1, wherein the caching means for caching the web page 
further comprises providing a remote cache location. 

16. The system recited in claim 1 1. wherein one of the browser and the browser cache is 
password protected firoro unauthorized users. 

17. The system recited in claim 1 1, wherein the encrypting means for encrypting the web 
page further comprises defining a path for storing the web page which directs the web page to 
memoiy locations for encrypted data. 

18. The system recited in claim 1 1 , wherein web page information that is cached and then 
paged is paged as encrypted web page information. 

1 9. A data processing system for securing information stored on a browser cache, the system 
comprising: 

opening means for opening an appUcation using a browser, 

performing means for performing an application specific function on the application 
using the browser, wherein application specific information is produced; 

encrypting means for encrypting the appUcation specific information; and 
caching means for caching the application specific information. 



20. A data processing system for securing information stored in a browser cache associated 
with a browser, the systan comprising: 
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initiating means for initiating a session; 

decrypting means for decrypting data contained in the browser cache, wherein the 
decrypted data is associated with information content stored in the browser cache; 

requesting means for requesting information stored in the browser cache; 

checking means for checking the decrypting data for requested information; and 

decrypting means for decrypting additional data contained in the browser cache, wherein 
the decrypted data is the requested information. 

21. A computer program product on a computer readable medium for securing information 
stored in a browser cache associated with a browser comprising: 

imtiating instructions for initiating a session; 

requesting instructions for requesting a first web page; 

receiving instructions for receiving the web page; 

encrypting instructions for eacrypting the web page; and 

caching instructions for caching the web page. 
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EVIDENCE APPKivniY 

There is no evidence to be presented. 
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RELATED PROCEEDINGS APPENDTV 

There are no related proceedings. 
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